Feedly:TrendLabs Security Intelligence Blog. SLOTH Downgrades TLS 1.2 Encrypted Channels

from TrendLabs Security Intelligence Blog

Early last month a new vulnerability was found in how TLS 1.2 was implemented.  Researchers from the French Institute for Research in Computer Science and Automation (INRIA) called this new attack SLOTH (Security Losses from Obsolete and Truncated Transcript Hashes). An attacker with man-in-the-middle capabilities could use SLOTH to attack encrypted traffic in the following ways: decrypt...